Difference between revisions of "CodingStandards"
|  (→Evil things to avoid) |  (→Idioms) | ||
| (24 intermediate revisions by 9 users not shown) | |||
| Line 3: | Line 3: | ||
| == C++ version == | == C++ version == | ||
| − | Wesnoth uses C++ conforming to C++ | + | Wesnoth uses C++ conforming to C++17 (as supported by macOS 10.11+) in master branch. | 
| == Formatting == | == Formatting == | ||
| Line 10: | Line 10: | ||
| You may use long lines. | You may use long lines. | ||
| + | |||
| + | Don't use a space after control flow keywords (if/for/...). | ||
| == Evil things to avoid == | == Evil things to avoid == | ||
| Line 19: | Line 21: | ||
| Do not use <tt>operator T()</tt> (where <tt>T</tt> is a type) to allow an implicit conversion to a different type. For example: | Do not use <tt>operator T()</tt> (where <tt>T</tt> is a type) to allow an implicit conversion to a different type. For example: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | t_string(const std::string&); | ||
| + | </syntaxhighlight> | ||
| This can cause many situations where a temporary t_string is implicitly created and then gets destroyed unexpectedly (reference [https://gna.org/bugs/index.php?20360 bug #20360]). | This can cause many situations where a temporary t_string is implicitly created and then gets destroyed unexpectedly (reference [https://gna.org/bugs/index.php?20360 bug #20360]). | ||
| Line 31: | Line 35: | ||
| === Destructors must not throw exceptions === | === Destructors must not throw exceptions === | ||
| − | Do not allow exceptions to propogate from a destructor. Doing that is always bad in C++. Any code which does it should be treated as a bug and fixed. | + | Do not allow exceptions to propogate from a destructor. Doing that is always bad in C++. Any code which does it should be treated as a bug and fixed. Doing this is a very easy way to cause memory leaks and crashes. | 
| It's okay to have exceptions thrown inside a destructor, just as long as you catch() them inside the destructor too and don't allow them to propagate out. | It's okay to have exceptions thrown inside a destructor, just as long as you catch() them inside the destructor too and don't allow them to propagate out. | ||
| + | |||
| + | In C++11, any destructor which throws an exception causes the program to be immediately terminated (except in special cases). | ||
| + | |||
| + | You can read more about the issue here: http://c2.com/cgi/wiki?BewareOfExceptionsInTheDestructor | ||
| + | |||
| + | === The empty brace initializer === | ||
| + | |||
| + | The empty brace initializer should not be used indiscriminately if possible since it hurts readability. | ||
| + | |||
| + | <code>= {}</code> can be used to initialize list-like structures, but not points, rects or map_locations. In those cases, use a constructor call or at the very least, <code>point a = {0,0}</code> or <code>point a(0,0)</code>. This becomes more important in cases like this: | ||
| + | <syntaxhighlight lang='c++'> | ||
| + | last_loc_ = {}; | ||
| + | </syntaxhighlight> | ||
| + | Now the person reading the code has no idea what type last_loc_ has, whereas | ||
| + | <syntaxhighlight lang='c++'> | ||
| + | last_loc_ = map_location(0,0); | ||
| + | </syntaxhighlight> | ||
| + | makes it much more obvious. | ||
| == Naming == | == Naming == | ||
| Line 47: | Line 69: | ||
| If a value passed to a function can never be <tt>NULL</tt>, use a reference instead of a pointer. For example: | If a value passed to a function can never be <tt>NULL</tt>, use a reference instead of a pointer. For example: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | void my_function(T& obj); | ||
| + | </syntaxhighlight> | ||
| rather than | rather than | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | void my_function(T* obj); | ||
| + | </syntaxhighlight> | ||
| This more clearly shows prospective users of the function that <tt>obj</tt> may never be <tt>NULL</tt>, without them having to consult documentation or the implementation of the function. | This more clearly shows prospective users of the function that <tt>obj</tt> may never be <tt>NULL</tt>, without them having to consult documentation or the implementation of the function. | ||
| Line 60: | Line 86: | ||
| Always use <tt>const</tt> when you are not going to modify an object. For example: | Always use <tt>const</tt> when you are not going to modify an object. For example: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | void my_function(const T& obj); | ||
| + | </syntaxhighlight> | ||
| This shows to the caller that <tt>obj</tt> will not be modified. If <tt>my_function()</tt> may modify <tt>obj</tt>, then use the following instead: | This shows to the caller that <tt>obj</tt> will not be modified. If <tt>my_function()</tt> may modify <tt>obj</tt>, then use the following instead: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | void my_function(T& obj); | ||
| + | </syntaxhighlight> | ||
| Likewise, if a variable is not changed after initialization, make it <tt>const</tt>, and mark member functions as <tt>const</tt> if they do not modify their object. | Likewise, if a variable is not changed after initialization, make it <tt>const</tt>, and mark member functions as <tt>const</tt> if they do not modify their object. | ||
| Line 72: | Line 102: | ||
| If you assign something to a <tt>const</tt> reference of a different type, if necessary (if the type is different but there is a conversion) the compiler will create a temporary and guarantee it lasts for the lifetime of the reference. So | If you assign something to a <tt>const</tt> reference of a different type, if necessary (if the type is different but there is a conversion) the compiler will create a temporary and guarantee it lasts for the lifetime of the reference. So | ||
| − | + | <syntaxhighlight lang='c++'> | |
| − | + | char c = 0; | |
| − | + | const int& i = c; | |
| + | c = 5; | ||
| + | </syntaxhighlight> | ||
| will result in c == 5 and i == 0, which may not be what you expect. | will result in c == 5 and i == 0, which may not be what you expect. | ||
| Line 84: | Line 116: | ||
| Code that uses a pattern like the following is bad: | Code that uses a pattern like the following is bad: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| − | + | { | |
| − | + |     SDL_Surface* image = IMG_Load("image.bmp"); | |
| − | + |     // ...some code, which uses 'image'... | |
| − | + |     SDL_FreeSurface(image); | |
| + | } | ||
| + | </syntaxhighlight> | ||
| The code may throw an exception, and <tt>image</tt> will never be freed. Instead, use wrapper objects which free the object in their destructor. | The code may throw an exception, and <tt>image</tt> will never be freed. Instead, use wrapper objects which free the object in their destructor. | ||
| Line 94: | Line 128: | ||
| For <tt>SDL_Surface</tt> objects, the <tt>surface</tt> type is used throughout the Wesnoth source code to achieve this purpose. So you could rewrite the above code as follows: | For <tt>SDL_Surface</tt> objects, the <tt>surface</tt> type is used throughout the Wesnoth source code to achieve this purpose. So you could rewrite the above code as follows: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| − | + | { | |
| − | + |     surface image(IMG_Load("image.bmp")); | |
| − | + |     // ...some code, which uses 'image'... | |
| + | } // the image is automatically freed here when 'image' is destroyed | ||
| + | </syntaxhighlight> | ||
| Instead of allocating memory directly using <tt>new[]</tt> or <tt>malloc()</tt>, use language-provided containers, such as vector. | Instead of allocating memory directly using <tt>new[]</tt> or <tt>malloc()</tt>, use language-provided containers, such as vector. | ||
| − | + | Similarly, avoid writing <tt>delete</tt> explicitly in your code. Oftentimes using a smart pointer or similar instead will improve the readability of your code, by making it obvious that you are managing memory correctly even if an exception is thrown. If you were deleting a pointer which is a member variable of an object, using a smart pointer instead may simplify your code by eliminating the need to write an explicit destructor in some cases. | |
| − | + | For more information, you can read about the (important) RAII idiom: http://c2.com/cgi/wiki?ResourceAcquisitionIsInitialization | |
| − | ==  | + | === Prefer anonymous namespaces === | 
| − | + | Translation unit-specific (i.e., local to a specific .cpp file) helper functions, types, and variables should be placed together in an anonymous namespace rather than declaring them static individually. | |
| − | + | == Standard C++ to avoid == | |
| − | === Do not use 0 when you mean  | + | === Do not use 0 or NULL when you mean nullptr === | 
| Several Wesnoth developers, including Dave, find the number 0 to be very ambiguous when used in a non-numeric context. In keeping with the precedent that has already been established in the Wesnoth source code, you should avoid using literal zero for initializing and/or comparing null pointers. | Several Wesnoth developers, including Dave, find the number 0 to be very ambiguous when used in a non-numeric context. In keeping with the precedent that has already been established in the Wesnoth source code, you should avoid using literal zero for initializing and/or comparing null pointers. | ||
| + | |||
| + | === Do not use standard io functions === | ||
| + | This implies the std::fstream class and fopen. These functions do not support utf8 in windows which is our standard encoding for filepaths. Use our custom filesystem functions (filesystem.hpp) instead. | ||
| == C legacy to be avoided == | == C legacy to be avoided == | ||
| − | === Use  | + | === Use std::array instead of C-style Arrays === | 
| − | C-style arrays are very efficient, but their interface is ugly. Use <tt> | + | C-style arrays are very efficient, but their interface is ugly. Use <tt>std::array</tt> instead. | 
| − | === Do not use C-style casts === | + | === Do not use C-style or function-style casts === | 
| The following code, | The following code, | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | if(i->second.side() == (size_t)player_number_) { | ||
| + | </syntaxhighlight> | ||
| is considered bad practice in C++ since a C-style cast is overpowered -- if types change around it could end up casting away constness, or performing an implementation-defined data reinterpretation (basically a C-style cast is a compiler-generated combination of <tt>static_cast</tt>, <tt>reinterpret_cast</tt>, and <tt>const_cast</tt>). | is considered bad practice in C++ since a C-style cast is overpowered -- if types change around it could end up casting away constness, or performing an implementation-defined data reinterpretation (basically a C-style cast is a compiler-generated combination of <tt>static_cast</tt>, <tt>reinterpret_cast</tt>, and <tt>const_cast</tt>). | ||
| + | |||
| + | This syntax, | ||
| + | |||
| + | <syntaxhighlight lang='c++'> | ||
| + | if(i->second.side() == size_t(player_number_)) { | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | is also a cast, and [http://stackoverflow.com/a/32224 semantically identical] to the C-style cast. It should also be avoided. | ||
| Good programming style is to use the least powerful tool available that does what you want. For example: | Good programming style is to use the least powerful tool available that does what you want. For example: | ||
| − | + | <syntaxhighlight lang='c++'> | |
| + | if(i->second.side() == static_cast<size_t>(player_number_)) { | ||
| + | </syntaxhighlight> | ||
| Alternatively, a constructor call may be used for non-built-in types. | Alternatively, a constructor call may be used for non-built-in types. | ||
| Line 141: | Line 192: | ||
| <tt><nowiki>#</nowiki>define foo X</tt> is not a typesafe approach to define constants. Instead, you can something like the following (in an anonymous namespace) to achieve the same goal in a typesafe fashion. | <tt><nowiki>#</nowiki>define foo X</tt> is not a typesafe approach to define constants. Instead, you can something like the following (in an anonymous namespace) to achieve the same goal in a typesafe fashion. | ||
| − | + | <syntaxhighlight lang='c++'> | |
| − | + | namespace { | |
| − | + |     const T foo = X; | |
| + | } | ||
| + | </syntaxhighlight> | ||
| + | |||
| + | === Avoid standard C functions === | ||
| + | |||
| + | Avoid using standard C functions where equivalent functionality is available in the C++ standard library or Boost. For example, use stream operators or <tt>boost::format</tt> instead of <tt>sprintf</tt>, <tt>std::string</tt> or <tt>std::string_view</tt> instead of <tt>strlen</tt>, <tt>std::chrono::duration</tt> instead of <tt>time_t</tt>. However, C APIs that do not have a C++ equivalent are fine to use, such as <tt>toupper</tt> or <tt>isalpha</tt>. | ||
| == Documentation == | == Documentation == | ||
| Line 155: | Line 212: | ||
| === Doxygen === | === Doxygen === | ||
| − | + | All code comment documentation should be done using Doxygen formatting.  Online doxygen output can be found at https://devdocs.wesnoth.org/ | |
| == See also == | == See also == | ||
Latest revision as of 16:24, 5 March 2025
Wesnoth uses C++ that is portable to C++ compilers targeting various commonly used platforms.
Contents
C++ version
Wesnoth uses C++ conforming to C++17 (as supported by macOS 10.11+) in master branch.
Formatting
When working on C++ for Wesnoth, indent your code with a tab character. After fully indenting, if you still need to line up the text with a specific character on the line above, you may further align it using space characters.
You may use long lines.
Don't use a space after control flow keywords (if/for/...).
Evil things to avoid
Avoid implicit conversions
Make all constructors which only take one argument that is of a different type to the class explicit.
Do not use operator T() (where T is a type) to allow an implicit conversion to a different type. For example:
t_string(const std::string&);
This can cause many situations where a temporary t_string is implicitly created and then gets destroyed unexpectedly (reference bug #20360).
Do not declare class data members as non-private
It's okay to have a struct with only public members, if that's what you want.
However, once something is a class with private data members, do not add public (or even protected) data members to the class. Doing this breaks encapsulation and can cause all kinds of confusing and evil things to happen.
Destructors must not throw exceptions
Do not allow exceptions to propogate from a destructor. Doing that is always bad in C++. Any code which does it should be treated as a bug and fixed. Doing this is a very easy way to cause memory leaks and crashes.
It's okay to have exceptions thrown inside a destructor, just as long as you catch() them inside the destructor too and don't allow them to propagate out.
In C++11, any destructor which throws an exception causes the program to be immediately terminated (except in special cases).
You can read more about the issue here: http://c2.com/cgi/wiki?BewareOfExceptionsInTheDestructor
The empty brace initializer
The empty brace initializer should not be used indiscriminately if possible since it hurts readability.
= {} can be used to initialize list-like structures, but not points, rects or map_locations. In those cases, use a constructor call or at the very least, point a = {0,0} or point a(0,0). This becomes more important in cases like this:
last_loc_ = {};
Now the person reading the code has no idea what type last_loc_ has, whereas
last_loc_ = map_location(0,0);
makes it much more obvious.
Naming
End non-public class data members with an underscore
All non-public data members of classes should have their names terminated with an underscore, to show that they are a class member. This makes for more readable code, once one is familiar with the convention.
Idioms
Use references when a value may not be NULL
If a value passed to a function can never be NULL, use a reference instead of a pointer. For example:
void my_function(T& obj);
rather than
void my_function(T* obj);
This more clearly shows prospective users of the function that obj may never be NULL, without them having to consult documentation or the implementation of the function.
Use the const keyword
The const keyword in C++ allows interfaces to more clearly specify how they treat objects. Always use const when you are not going to modify an object. For example:
void my_function(const T& obj);
This shows to the caller that obj will not be modified. If my_function() may modify obj, then use the following instead:
void my_function(T& obj);
Likewise, if a variable is not changed after initialization, make it const, and mark member functions as const if they do not modify their object.
Know the behavior of const references when types differ
If you assign something to a const reference of a different type, if necessary (if the type is different but there is a conversion) the compiler will create a temporary and guarantee it lasts for the lifetime of the reference. So
char c = 0;
const int& i = c;
c = 5;
will result in c == 5 and i == 0, which may not be what you expect.
Write exception-safe code
Wesnoth code should be exception-safe, even if you do not use exceptions directly. That is, you should be able to assume that an exception is thrown almost anywhere from within the code, with well-defined results (i.e. no resource leaks).
Code that uses a pattern like the following is bad:
{
    SDL_Surface* image = IMG_Load("image.bmp");
    // ...some code, which uses 'image'...
    SDL_FreeSurface(image);
}
The code may throw an exception, and image will never be freed. Instead, use wrapper objects which free the object in their destructor.
For SDL_Surface objects, the surface type is used throughout the Wesnoth source code to achieve this purpose. So you could rewrite the above code as follows:
{
    surface image(IMG_Load("image.bmp"));
    // ...some code, which uses 'image'...
} // the image is automatically freed here when 'image' is destroyed
Instead of allocating memory directly using new[] or malloc(), use language-provided containers, such as vector.
Similarly, avoid writing delete explicitly in your code. Oftentimes using a smart pointer or similar instead will improve the readability of your code, by making it obvious that you are managing memory correctly even if an exception is thrown. If you were deleting a pointer which is a member variable of an object, using a smart pointer instead may simplify your code by eliminating the need to write an explicit destructor in some cases.
For more information, you can read about the (important) RAII idiom: http://c2.com/cgi/wiki?ResourceAcquisitionIsInitialization
Prefer anonymous namespaces
Translation unit-specific (i.e., local to a specific .cpp file) helper functions, types, and variables should be placed together in an anonymous namespace rather than declaring them static individually.
Standard C++ to avoid
Do not use 0 or NULL when you mean nullptr
Several Wesnoth developers, including Dave, find the number 0 to be very ambiguous when used in a non-numeric context. In keeping with the precedent that has already been established in the Wesnoth source code, you should avoid using literal zero for initializing and/or comparing null pointers.
Do not use standard io functions
This implies the std::fstream class and fopen. These functions do not support utf8 in windows which is our standard encoding for filepaths. Use our custom filesystem functions (filesystem.hpp) instead.
C legacy to be avoided
Use std::array instead of C-style Arrays
C-style arrays are very efficient, but their interface is ugly. Use std::array instead.
Do not use C-style or function-style casts
The following code,
if(i->second.side() == (size_t)player_number_) {
is considered bad practice in C++ since a C-style cast is overpowered -- if types change around it could end up casting away constness, or performing an implementation-defined data reinterpretation (basically a C-style cast is a compiler-generated combination of static_cast, reinterpret_cast, and const_cast).
This syntax,
if(i->second.side() == size_t(player_number_)) {
is also a cast, and semantically identical to the C-style cast. It should also be avoided.
Good programming style is to use the least powerful tool available that does what you want. For example:
if(i->second.side() == static_cast<size_t>(player_number_)) {
Alternatively, a constructor call may be used for non-built-in types.
Note: there may be some obscure cases where a C-style cast is desirable, such as converting a pointer to an integer type of unspecified size.
Do not use #define for constants
#define foo X is not a typesafe approach to define constants. Instead, you can something like the following (in an anonymous namespace) to achieve the same goal in a typesafe fashion.
namespace {
    const T foo = X;
}
Avoid standard C functions
Avoid using standard C functions where equivalent functionality is available in the C++ standard library or Boost. For example, use stream operators or boost::format instead of sprintf, std::string or std::string_view instead of strlen, std::chrono::duration instead of time_t. However, C APIs that do not have a C++ equivalent are fine to use, such as toupper or isalpha.
Documentation
Document config preconditions and postconditions
In the Wesnoth code you will commonly encounter a data container type known as config, which contains hierarchical string data (such as WML contents or game settings). The tagged children of the config object and their string attributes are arranged in an ordered and mapped format, internally implemented using the C++ STL.
Because config data is utilized in so many ways and places, it can be difficult to track across the scope of the entire program. Thus, you should document all public functions that take/return config objects, specifying content expectations and updating any related entries in the ReferenceWML wiki pages. In particular, if your function requires a config parameter, specify where/how the config object should be created. This will be a great help to any future coders who need to call or modify your function.
Doxygen
All code comment documentation should be done using Doxygen formatting. Online doxygen output can be found at https://devdocs.wesnoth.org/